Getting issue in keychain: iPhone Distribution Certificate is not trusted

Question

I'm working on iOS enterprise application, now our iOS distribution certificate is expired and I'm creating new certificate using below steps:

1. Create certificate sigining request from keychain access.
2. Login with developer.apple.com and generate distribution certificate using certificate sigining request.
3. download new iOS distribution certificate and install.

After this I'm able to see iOS Distribution certificate in keychain access but getting error: "iPhone Distribution certificate is not trusted".

Also, I have tried it using Automatically manage signing, and tried to export ipa file, but I'm getting below error:

Please help me to resolve this errors.

Answer 1

https://developer.apple.com/de/support/expiration/ should be the answer. Just install the certificate manually or upgrade to Xcode 11.4.1 or later. After upgrading to Xcode >= 11.4.1 I had to open a Xcode project and had to wait few seconds. Afterwards the new Apple Worldwide Developer Relations Intermediate Certificate automatically has been installed.

Answer 2

Just download the certificate from here and install it. If that doesn't works have a look on https://developer.apple.com/de/support/expiration/.

Answer 3

The current Apple Worldwide Developer Relations Certification Intermediate Certificate (intermediate certificate) is set to expire on February 7, 2023. The renewed certificate will be used to sign new software signing certificates issued after January 28, 2021 for the Apple Developer Programs. Remaining service certificates will be updated in the future and this page will be updated to reflect additional certificate changes.

https://developer.apple.com/support/expiration/

Answer 4

I also had the similar issue:

It's because :

Issued by: Apple Worldwide Developer Relations Certification Authority

Try the following steps to resolve this issue.

• You need renewed certificate, please click this link to get it: https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer

• Open the terminal, enter the file directory, then install the new certificate with this command:

  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain AppleWWDRCAG3.cer
  

Reference : https://github.com/actions/virtual-environments/issues/1620

Answer 5

I literally wasted 1 week solving this error and First i got code sign errors even on sample app created from Xcode after 4 days landed to this page and discovered that i need to add apple developer certificate to my keychain. Which you can find here But doing this only will not completely solved my error. I got further error Which was only 7 days old as of now. https://developer.apple.com/forums/thread/673846

So i again went to https://developer.apple.com/de/support/expiration/ page and found that if we have Xcode less than 11.4 or in some cases OS is not Big Sur then we will not be able to sign the app.

Known Issues

Xcode 11.4.0 and earlier may not be able to sign software using signing certificates issued by the new Apple Worldwide Developer Relations Certification Intermediate Certificate. If you’re unable to upgrade to a supporting version of macOS or Xcode on your build machine, you can build and archive your app using an earlier Xcode client and sign it for distribution using the latest release. Alternatively, you can utilize the codesign tool to sign your software using the command line.

So you need to upgrade to xcode > 11.4 other wise you may not able to sign the app.

Answer 6

If the list is empty press the + in Xcode Settings -> Accounts Somehow the Development cert in keychain becomes valid after that

Answer 7

I resolved this issue by downloading the file from this Apple link: https://www.apple.com/certificateauthority/

1. Apple Worldwide Developer Relations Intermediate Certificate (G4)
2. Apple Developer ID Intermediate Certificate (G2)

after downloading them, I put them in the key chain by drag and drop. It will solve your problem as well.

Answer 8

For me it's a recurring issue ^$&#%^ ...

It seems the old Apple Worldwide Developer Relations Certification Intermediate Certificate which expires 2023 is automatically coming back (triggered by I-don't-know-what) and sometimes leads to my developer certificate getting untrusted.

I suppose sometimes the system accidentally tries to authorise the dev certificate with the 2023 relations certificate instead of the newer one which expires 2030 and then sets the state to untrusted.

The easiest (but still annoying) solution in that case is just to remove the 2023 relations certificate from the keychain, the dev certificate then gets trusted again.

Answer 9

In Keychain Access, double-click on the certificate. In the dialog that comes up, click the caret next to the Trust heading. Then, in the menu next to "When using this certificate", choose "Always Trust". Close the dialog. Problem solved.